sql insert image

 HttpPostedFile UpFile = File1.PostedFile;
            int FileLenght = UpFile.ContentLength;
            decimal FileSize = FileLenght / 1024;
            if (FileLenght == 0)
            {
                DIVShowGVError.Visible = true;
                LblShowGVError.Text = "请选择上传文件";
                return;
            }
            string strImageName = UpFile.FileName;
            string strImageType = strImageName.Substring(strImageName.LastIndexOf(".")).ToLower();
            if (strImageType != ".jpg" && strImageType != ".jpeg" && strImageType != ".bmp" && strImageType != ".png")
            {
                DIVShowGVError.Visible = true;
                LblShowGVError.Text = "請上傳以下文件格式的圖片：jpg,jpeg,bmp,png";
                return;
            }
            if (FileSize > 2048)
            {
                DIVShowGVError.Visible = true;
                LblShowGVError.Text = "上傳圖片不能大於2M";
                return;
            }
            else
            {
                Byte[] FileByteArray = new Byte[FileLenght];
                Stream StreamObject = UpFile.InputStream;
                StreamObject.Read(FileByteArray, 0, FileLenght);

                strNewLeave = "insert into [Leave]([ID],[EmployeeNo],[AgentID],[LeaveType],[StartDate],[EndDate],[Hours],[LeaveReason],[ReportTime],[ReportID],[ImageName],[ImageData]) ";
                strNewLeave += "values(@LeaveNo,@EmpNo,@AgentName,@LeaType,@StartDate,@EndDate,@Hours,@Reason,getdate(),@Admin,@ImageName,@Image) ";

                sqlPara = new SqlParameter[] { 
                new SqlParameter("@LeaveNo",strLeaNo),
                new SqlParameter("@EmpNo",strEmpNo),
                new SqlParameter("@AgentName",strAgentID),
                new SqlParameter("@LeaType",strLeaType),
                new SqlParameter("@StartDate",strDateSt),
                new SqlParameter("@EndDate",strDateEnd),
                new SqlParameter("@Hours",strHours),
                new SqlParameter("@Reason",strReason),
                new SqlParameter("@Admin",strAdmin),
                new SqlParameter("@ImageName",strImageName),
                new SqlParameter("@Image",FileByteArray)
                };

                StreamObject.Close();
            }

SQLHelper sqlH = new SQLHelper();
        string strID = context.Request["ID"];
        byte[] MyData = new byte[0];
        string str = "  select [ImageData] from [Leave] where [ID]='" + strID + "' ";
        DataTable dt = sqlH.ExecuteQuery(str, CommandType.Text);
        if (dt.Rows.Count > 0)
        {
            MyData = (byte[])dt.Rows[0][0];
            int ArraySize = MyData.GetUpperBound(0);

            context.Response.OutputStream.Write(MyData, 0, ArraySize);
        }